Information Technology Policies and Standards
|Computer Abuse Incident Reporting and Response (Revised)|
To Be Reviewed
|Applies to all City information technology assets.|
|Misuse of City information technology assets will not be tolerated. City employees are responsible for reporting known or suspected abuse incidents to their Department or to +the Inspector General+ |ISD.
Where an abuse incident involves potential misconduct by a City employee, that employee's Department retains responsibility for +investigation and+ ultimate resolution of the incident and any action taken against the employee. ISD will provide technical assistance as required.
Where an abuse incident involves potential effects on the City's information technology infrastructure, ISD will take the actions necessary to secure the reliability and integrity of the infrastructure.
Where an abuse incident involves Federal law that requires the City to act in its role as a "service provider", ISD will coordinate +the resolution with the appropriate Department+ t
Where an abuse incident involves possible criminal activity or threats to personal safety or physical property, +the Department must+
ISD will contact and coordinate with the appropriate law enforcement agencies.
+Reporting and response procedures shall be published. Definitions of common terms used in this policy and subsequent procedures shall be published in a standard.+
|Due to a variety of issues, including the safety and privacy of City employees, it is imperative that a formal reporting and response policy be followed when responding to incidents of City computer abuse.|
City computer abuse may constitute violations of: the City Employee Code of Conduct, City Personnel Rules and Regulations Section 301.15; the City Internet Usage Policy, Administrative Instruction 8-12; Guidelines for City E-Mail Services, Administrative Instruction 8-13; other City computing policies as approved by the Information Services Committee or issued by the Chief Information Officer; or other City ordinances or New Mexico or Federal law, including but not limited to the Federal Computer Fraud and Abuse Act (18 USC §1030 et seq), Electronic Communications Privacy Act (18 USC §2501 et seq), and Digital Millennium Copyright Act (17 USC §512 et seq).
|Contact: Tom Obenauf, (505) 768-2994|